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Cafc460743c3f6ba5f225f684f060d65 


Slack files to go public 


Slack, the ubiquitous workplace messaging tool, on Friday filed to go public via a direct 
stock listing. 


Why it matters: Slack is one of the hottest names in enterprise software, most recently valued 
at over $7 billion by venture capitalists, causing some speculation that it could receive a major 
acquisition offer before or after the listing. 


•The direct listing is different from an IPO in that Slack itself isn't selling shares to the public. 
•Instead, shares are being sold by insiders like early employees and investors. 

•This is similar to what Spotify did last April, and Slack is using some of the same Wall Street 
banks. 

•It disclosed that $100 million of shares would be sold, but that's almost certainly a placeholder 
figure. 


Slack plans to list on the New York Stock Exchange under ticker symbol SK, likely sometime 
next month. 


It reports a $138 million net loss on $400 million of revenue for 2018, compared to a $140 
million net loss on $221 million in revenue for 2017. 


Founder and CEO Stuart Butterfield earned $10.4 million in 2018 compensation, almost all of 
which was in the form of stock. 


The San Francisco-based company had raised around $1.2 billion in private funding from firms 
like Accel, Andreessen Horowitz, Social Capital, SoftBank, Google Ventures and Kleiner 
Perkins. 
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Too many technologies! 
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Susan Marshall - H1F <susan.marshall@gsa.gov> 
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e7763319e693dbe949eddbld9e83143c 


Hi Travis, 


Just saw the item below on Insite/Chatter. 



Personally I think you an 
lese issues at your Slack meeting. 


consider discussing the 



If possible it would be helpful if we could receive a copy of the most recent IT Enterprise Architecture 
document in order to know which electronic systems are creating records that need to be managed. 


Vince Sanders 

I use Cisco Jabber, for all phone, chat, etc. When in a Hangouts Meet, how do I integrate the audio from Meet with Jabber, 
so that the audio comes out via Jabber. I have a Plantronics conference phone that I use with Jabber, because I have an issue 
my limbs and cannot use a headset. Please advise how we can integrate with Jabber. Additionally, when using Jabber, I can 
use other devices, while on hold, to handle other calls. You're assistance/support is greatly appreciated. Very respectfully, 
Vince 
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Susan Marshall - H1F <susan.marshall@gsa.gov> 
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ec3e6656644f39bd07fa9b948b237d7a 


The FedScoop article I sent you about GSA seeking a new "Slack" tool is not dated 2019, it is a 2018 
article. Sorry about the confusion. 
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b73ff525bf92325a014baac3d7271a07 


Hi Bob and Travis, 


You may want to use this issue as an opportunity to talk with IT about all of the communication 



On Fri, Jan 25, 2019 at 8:50 AM Travis Lewis - H1F < travis.lewis@gsa.gov > wrote: 

Thanks for passing along. Another topic to bring up with GSA IT and get the technical specifics and 
impacts of this from their perspective. 
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On Thu, Jan 24, 2019 at 9:30 PM Susan Marshall - H1F < susan.marshall@gsa.gov > wrote: 


https://gizmodo.com/bad-news-folks-google-hangouts-will-start-to-phase-out-1832004549 


fyi. 
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Slack meeting 
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896e0ea2f9810027b4c8b0cllbdf3cad 


Hi Travis, 


I'm going to have to skip the Slack meeting with Shive and Bob next week because I have 
another meeting scheduled with Bridget's staff during the same time. I'll catch up with you after 
the meeting. 


Thanks, 

Susan 
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GSA watchdog to 18F: Stop using Slack 
Written by Greg Otto May 13, 2016 | FEDSCOOP 


Slack, its logo seen above, is used by 18F for a number of internal purposes. (Kris Krug/Flickr) 


The General Service Administration’s inspector general wants the agency’s 18F unit to 
shut down its use of a popular workplace collaboration tool after it was found to expose 
personally identifiable and contractor proprietary information. 


In a “management alert” issued Friday, the GSA IG says 18F’s use of Slack - particularly 
OAuth 2.0, the authentication protocol used to access other third-party services - potentially 
allowed unauthorized access to 100 Google Drives, a cloud-based file storage service, 
in use by GSA. Furthermore, the report says that exposure led to a data breach. 


It’s unknown exactly who had access to or what data was stored on those Google Drives. The 
GSA IG office told FedScoop they could not confirm that any data was actually taken off those 
services. 


In a statement, the IG office said they called the incident a data breach because of the 
administration’s extremely inclusive definition. 


GSA’s Information Breach Notification Policy defines “data breach” as follows (emphasis ours): 


Includes the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, 
unauthorized access, or any similar term referring to situations where persons other than 
authorized users with an authorized purpose have access or potential access to PI I, whether 
physical or electronic. In the case of this policy the term “breach” and “incident” mean the 
same. 


A supervisor at 18F discovered the vulnerability in March and informed a senior GSA 
information security officer, who eliminated the OAuth authentication permissions between the 
GSA Google Drives and 18F’s Slack account. 


During the inspector general’s investigation last week, it was learned that the 
vulnerability had been in existence since October 2015. 


Additionally, the IG asked that any use of Slack or OAuth 2.0 inside GSA be shut down. 

The services were not in compliance GSA’s Information Technology Standards Profile, which 
makes sure IT products and services meet GSA’s security, legal, and accessibility 
requirements. 


OAuth 2.0 is used by many web-based products, including a variety of social media networks, 
allowing users to sign into other services without entering a password. Earlier this year, 
researchers at a university in Germany found the protocol can be susceptible to man-in-the- 
middle attacks. 


Slack has been a darling of the startup world in recent months, allowing enterprises to 
internally collaborate and move away from internal emails. (Full disclosure: FedScoop is a 
user.) Slack CEO Stewart Butterfield has touted that GSA, along with NASA and the State 
Department, are users. 


In FOIA requests FedScoop submitted to the agencies reportedly using Slack, only GSA would 
admit they are in fact using the service. 18F has publicized a lot of the work it has done with 
Slack, including a bot that onboards new employees. 


After the release of the report, Rep. Jason Chaffetz, R-Utah, issued a statement calling the 
incident “alarming.” 


“While we appreciate the efforts to recruit IT talent into the federal government, it appears 
these ‘experts’ need to learn a thing or two about protecting sensitive information,” the 
chairman of the House Committee on Oversight and Government Reform said. “The committee 
intends to further investigate this matter to ensure proper security protocol is followed.” 


18F has written a blog post about the incident, with the office saying it conducted a “full 
investigation and to our knowledge no sensitive information was shared inappropriately.” 


The incident stems from 18F integrating Slack with Google Drive - something Slack users 
often do - which runs afoul of the way the government wants to store its information. 


“Upon discovering that this integration had been accidentally enabled, we immediately removed 
the Google Drive integration from our Slack, and then we reviewed all Google Drive files 
shared between Slack and Drive, just to be sure nothing was shared that shouldn’t have been,” 
the blog post reads. “Our review indicated no personal health information (PHI), personally 
identifiable information (Pll), trade secrets, or intellectual property was shared.” 


Slack has issued a statement: 


“The issue reported this morning by the GSA Office of the Inspector General does not 
represent a data breach of Slack, and customers should continue to feel confident about the 
privacy and security of the data they entrust to Slack. 


Slack leverages the existing Google authentication framework when users integrate Google 
Drive with Slack. This integration allows users to more easily share documents with other team 
members in Slack. However, only team members who have access to the underlying document 
from the permissions that have been set within Google can access these documents from links 
shared in Slack. Sharing a document into Slack or integrating Google Drive with Slack does not 
alter any existing Google document or Google Drive access permissions. Those permissions 
are set and managed within Google. Slack is unable to modify, grant or extend any 
permissions that exist in Google Drive.” 


Contact the reporter on this story via email at qreq.otto@fedscoop.com, or follow him on 
Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop 
for stories like this in your inbox every morning by signing up here: fdscp.com/siqn-me-on . 
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Re: Record Your Hangouts Meet, Share Your Screen 

Thu, 31 Jan 2019 14:14:20 -0500 

Susan Marshall - H1F <susan.marshall@gsa.gov> 

Claudia Nadig - LG <claudia.nadig@gsa.gov> 

Duane Smith <duane.smith@gsa.gov>, Seth Greenfeld - LG <seth.greenfeld@gsa.gov>, 
Travis Lewis - H1ABA <travis.lewis@gsa.gov>, John Peters - LG <john.h.peters@gsa.gov>, 
Bob Stafford - H1AC <bob.stafford@gsa.gov> 
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On Thu, Jan 31, 2019, 2:04 PM Claudia Nadig - LG < claudia.nadig@gsa.gov wrote: 



Claudia Nadig 

Deputy Associate General Counsel - LG 
Office of General Counsel 
General Services Administration 
(202) 501-0636 


-Forwarded message- 

From: GSA Today < todav@notifv.gsa.gov > 

Date: Thu, Jan 31, 2019 at 2:00 PM 

Subject: Record Your Hangouts Meet, Share Your Screen 

To: < claudia.nadig@gsa.gov > 



Today 


GSA Office of Strategic Communication 


In Today's Issue: 

Record Your Hart 
Join OCE Commu 


Protecting Privacy In IT S' 
Projects 
There Is Still l ime to Taki 
Piiohj oj; ;hn I );iy 



Top News: 

I 


Did you know you can in Hangouts Meet? 

-That’s right! No more scribbling notes to review later or 
share with people who could not attend. Also, you can share 
your screen with Hangouts Meet and more. 


Acquisition Constraints Slow State Agencies' Push to th 
Cloud (State Scoop) 



Plaza 


The Office of Customer Experience will host its monthly 
Customer Experience Community of Practice on Feb. 5, from 
3-4 p.m., EST. This month's topic will be GSA's annual 
survey efforts. Sign up 


Do you have an idea? Would you like to make a suggestion? 
Send it to 




































An explains the tools used by GSA to 

identify, protect and manage personally identifiable 
information (Pll). Learn about privacy threat assessments, 
privacy impact assessments. Privacy Act Notices and more in 
the , or contact the 

for more information. 



Have you 

tried ? You'll 

want to start 
using it soon! IP 
Communicator 
software will be 
replaced by Jabber 
in early 


2019. 


throughout 

February. 



John Bisbee's 2013 welded steel spike sculpture, "Lion 
Dandies," is located at the John M. Roll U.S. Courthouse in 
Yuma, Arizona. It was commissioned through GSA's Art in 
Architecture Program. 


Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your 
Subscriber Preferences Page . You will need to use your email address to log in. If you have questions or problems 
with the subscription service, please contact subscriberhelp.govdelivery.com . 

This service is provided to you at no charge by GSA InSite . 


This email was sent to claudia.nadig@gsa.gov on behalf of General Services Administration 1800 F Street NW Washington, DC 20405 
866-606-8220 
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Updated invitation with note: Slack Meeting @ Wed Feb 20, 2019 1:30pm - 2:30pm (EST) 
(susan.marshall@gsa.gov) 

Tue, 19 Feb 2019 18:32:01 +0000 

Stephenie Johnson -1 <stephenie.johnson@gsa.gov> 

susan.marshall@gsa.gov, david.shive@gsa.gov, bob.stafford@gsa.gov, 

travis.lewis@gsa.gov 

wendy.womack@gsa.gov 

<00000000000004986105824375d9@google.com> 

7bf7b92b055dl41f2263644c02dbc2ed 

invite.ics 


This event has been changed with this note: 


"Due to tomorrow's weather, google hangouts has been added to this meeting. Stephenie Johnson" 


more details » 


Slack Meeting 

When Wed Feb 20, 2019 1:30pm - 2:30pm Eastern 

Time - New York 


Where 
Joining info 


CO - 18th & F Street - rm 7151 (map) 

Changed: 

Or dial: I 
instruct* 


Joining 


Calendar 

Who 


Going (susan.marshall@gsa.gov)? Yes - Maybe - No 


susan.marshall@gsa.gov 

CMXK 

david.shive@gsa.gov - 
organizer 

CMXK 

stephenie.johnson@gs 
a.gov - creator 

CMDCK 

bob.stafford@gsa.gov 

CMXK 

susan. marshall@gsa.g 
ov 

CMXK 

travis.lewis@gsa.gov 

CMXK 

lore options » 

wendy.womack@gsa.g 
OV - optional 


Invitation from Google Calendar 

You are receiving this email at the account susan.marshall@gsa.gov because you are subscribed for 
updated invitations on calendar susan.marshall@gsa.gov. 

To stop receiving these emails, please log in to https://www.google.com/calendar/ and change your 
notification settings for this calendar. 

Forwarding this invitation could allow any recipient to modify your RSVP response. Learn More . 
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Message-ID: <CAGjuJh7GajY_hJbtkwb4Z5PN83YT+iRUaQrdr-KTYEfURtf4Eg@mail.gmail.com> 

MD5: 81093e84427cb3a08eal03f7flbf438f 

Attachments: image.gif 

Hi Bob and Travis, 


Below are some interesting articles that reference Slack, including an article with today's date 
that says GSA IT issued an RFI for solutions that would extend the Slack capabilities. The 
other article talks about Slack and FOIA and says the GSA IG in 2016 recommended GSA stop 
using it. You may want to send the January 2019 article to Claudia. 

|Are Slack Messages Subject to FOIA Requests? - The Atlantic 

Tweet 

Bnail 

In offices the world over, email servers are gathering dust as workers flock to group instant-messaging 
platforms to communicate. Slack, one of the most popular platforms, lets users in a team send 
messages to one another, individually or in groups. It plays nicely with other online services, a feature 
which has helped it take off among media and technology companies. The company says its platform 
has attracted more than 2 million active users - includin&undreds here at The Atlantic- a n tilt's 
valued at nearly $3 billion. 


Recently, the government, which often lags behind on technology, has begun to catch on. According to 
Slack CEO Stewart Butterfield, the General Services Administration, NASA, and the State Department 
are all experimenting with using Slack for internal communication. 

The move is a potential boon to government productivity (notwithstanding the tide of emoji it will likely 
bring into the work lives of our nation's public servants). But it could also be a threat to a vital tool for 
government accountability. 

Emails sent to and from most government accounts are subject to Freedom of Information Act 
requests. That means that any person can ask a federal agency to turn over emails sent to or from 
government email accounts, and the agency must comply- unlesprotected by one of nine 
exemptions, which cover classified material, trade secrets, and information that would invade personal 
privacy if released. (A FOIA request filed by Jason Leopold of Vice News resulted in the release of tens 
of thousands of emails from Hillary Clinton's time as Secretary of State.) 

Calls to the FOIA offices of GSA, NASA, and the State Department inquiring about their policies with 
regards to Slack messages went unreturned. But a document posted last July by the National Archives 
and Records Administration mentions Slack specifically, and lays out guidelines for archiving 
electronic communications. 

To find out how the policies will actually be carried out, one FOIA enthusiast is testing the government's 
readiness to comply with requests for Slack messages. 

Allan Lasser is a developer at MuckRock, a website that helps its users send and monitor FOIA requests. 
Earlier this month, he sent a request to the Federal Communications Commission, asking the agency to 
reveal a list of teams that use Slack to communicate at work. 

If he's successful, Lasser wrote to me in an email, he'll be able to search for the names of the specific 
Slack channels and groups that the FCC has set up, and can tailor a follow-up FOIA request for the 
actual messages he wants to see. 


So why is Lasser going after FCC employees' work-related communications? He was motivated by the 
same reason that set me out to write this story: to find out if and how Slack and the federal 











government have thought about how to deal with FOIA requests. The FCC is generally up with modern 
technology and has been responsive to FOIA requests in the past, Lasser said, so he chose that agency 
as his proving ground- everthough he's not sure if they use Slack. (His request is unlikely to succeed: 
An FCC spokesperson said the agency does not use the program.) 

"It's important that we set high expectations and a clear path for requesting Slack data from agencies," 
Lasser wrote to me. "Slack is becoming a de-facto tool for internal workplace communication, so this is 
a situation where we can really get ahead of the government in setting clear expectations for record 
retainment and disclosure." 

Slack, for its part , is trying to make it easier for organizations to comply with strict document- 

retention requirements. Usually, the lead user of a group that uses Slack is allowed to export a 

transcript of all messages sent and received in public channels and groups. But a change the company 

made in 2014 allows organizations to apply for a special exemption that allows them to export every 

message sent and received by team members- including one-on-one messages and those sent in 

private groups. 


A spokesperson for Slack said the extra export capabilities were designed in part to allow federal 
agencies to comply with FOIA requests, in addition to helping financial-services companies that have to 
follow strict message-retention rules, and companies that are subject to discovery in litigation. The 
spokesperson would not share the number of organizations that have applied for the special export 
program, saying only that it represented "a small percentage of Slack customers." 

The federal government has made note of the special allowance. "Slack functionality has the potential 
to provide improved searchability for FOIA purposes if implemented appropriately within agencies, and 
with adequate records management control in accordance with NARA's regulations," said a 
spokesperson for the National Archives. 

I could find no record of a completed FOIA request in the U.S. that targeted Slack messages. But in 
November, an Australian news website called Crikey successfully filed a freedom-of-information 
request for Slack messages sent between employees in a government agency focused on digital 
technology. Crikey got back a 39-page transcript of Slack messages exchanged on October 8, 2014, in an 
apparently public channel. 


The Australian government redacted Slack usernames to protect employees' privacy, but the transcript 
still reveals the day-to-day banalities of office work: comments about the weather, morning commutes, 
and work-life balance. It even included emoji reactions: A message complaining about a chilly office 
earned its author one ironic palm tree. 

Of course, there will always be easy ways to keep communications off the record: picking up the phone, 
or, better yet, arranging an in-person meeting. But email has for years been the bread and butter of 
everyday communication, and plays a role in nearly every bureaucrat's daily life. If email fades, and 
Slack- osome other platform- becomethe new nexus for daily correspondence, then open- 
government policies must also evolve to keep up. 

We want to hear what you think about this article. Submit a letter to the editor or write to 
letters(a)theatlantic.com . 


What's better than Slack? GSA is seeking options 

by Tajha Chappellet-Lanier • 13 mins ago 
Written by Tajha Chappellet-Lanier 


Jan 16, 2019 | FEDSCOOP 















The General Services Administration is considering upgrading its office collaboration tools. 


The agency's IT team currently uses the team collaboration software Slack, but it doesn't seem to be 
completely happy with this option. A recently posted request for information (RFI) seeks details about 
solutions that are "not limited to the functionality of 'Slack'," in the interest of finding something that 

"extends its capability." 

"GSA IT is seeking providers of a cloud-based Softw are as a Service (SaaS) that provides an Enterprise 
wide collaboration platform allowing individuals and groups within different parts of the organization to 
securely collaborate," the RFI reads. "As part of this process, GSA-IT is seeking information from 
vendors in order to determine which companies have the skills to support these efforts and how they 
would go about providing those services to GSA." 

The RFI includes some indication of the capabilities GSA is looking for in this tool. These include 
administrator retrieval of both public and private communication on the platform "for the purposes of 
FOIA or other e-discovery needs," as well as "seamless file sharing," simultaneous syncing of desktop 
and mobile apps and more. 

Slack has at least some capability in most of the identified areas - the application has allowed 
subscribers to its "Plus" plan to download communications since 2014. But come April 20. 
administrators will be able to download the data without informing employees. Standard plan members 
will also be able to download conversations under certain circumstances - Slack says the European 
Union's General Data Protection Regulation (GDPR) is the reason for this shift. 

One line of the RFI indicates that the agency is interested in using a future tool for a little bit more 
than just internal communication. GSA also wants to be able to allow "public, non-governmental 
members to join pre-determined collaboration spaces using 2 Factor Authentication method," the 
document states. 

Responses to the RFI are due via email by April 30. 

GSA's use of Slack has sometimes caused challenges - in 2016 the agency's inspector general asked 

the 18F team to stop using the tool out of fear that it had inadvertently allowed unauthorized access 

to 100 agency Google Drives. 

There are a variety of existing Slack competitors - examples include Atlassian's Hipchat. Riva 
FZC's Flock and Microsoft Teams among others. 
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